8.3.1. Procedure – Setting up a transparent HTTP connection

Purpose: 

To setup a transparent HTTP connection, perform the following steps. To audit HTTP connections in non-transparent mode, see Procedure 8.3.2, Enabling PSM to act as a HTTP proxy.

Figure 8.1. HTTP Control > Connections — Transparent HTTP connection

HTTP Control > Connections — Transparent HTTP connection

Steps: 

  1. In the Name field, enter the name of the connection that will identify the connection policy.

  2. In the From field, enter the IP address and prefix of the client that will be permitted to access the server.

    You can use an IPv4 or an IPv6 address. To limit the IP range to the specified address, set the prefix to 32 (IPv4) or 128 (IPv6).

  3. In the To field, enter the IP address and prefix that the clients will target.

    You can use an IPv4 or an IPv6 address. To limit the IP range to the specified address, set the prefix to 32 (IPv4) or 128 (IPv6).

  4. In the Target section, select Use original target address of the client.

  5. In the SNAT section, select Use the original IP address of PSM.

  6. Since PSM cannot automatically decide whether the incoming sessions are encrypted or not, it is required to setup another identical connection policy for the same sessions, for HTTPS. As a result, HTTP and HTTPS sessions will be saved into separate trails.

    1. Setup a new connection policy with the same settings as above.

    2. Set the Port to 443.

    3. Enable SSL encryption. For details, see Procedure 8.3.3, Enabling SSL encryption in HTTP.